1

我正在使用登录系统,每当用户尝试访问非授权页面时,他应该返回登录页面登录,我该如何执行

下面是我的登录脚本

<?php

session_start();
$host="localhost"; // Host name 
$db_username="root"; // Mysql username 
$db_password=""; // Mysql password 
$db_name="designshop"; // Database name 
$tbl_name="member"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$db_username", "$db_password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$member_username=$_POST['member_username']; 
$password=$_POST['password']; 

// To protect MySQL injection (more detail about MySQL injection)
$member_username = stripslashes($member_username);
$password = stripslashes($password);
$member_username = mysql_real_escape_string($member_username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE member_username='$member_username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['member_username']=$_POST['member_username'];
$_SESSION['password']=$_POST['password'];

header("location:login_success.php");
}
else {
header("location:try_again.html");
}
?>
4

4 回答 4

1

您所要做的就是检查$_SESSION['member_username']. 如果已设置,则表示您的用户已登录,因此他无需重新登录。

笔记:

  • 没有必要在会话中存储用户的密码:事实上,最好不要。
  • 您通过 MySQL 进行身份验证,这意味着您以明文形式存储密码:这是一种不好的做法。最好仅基于 , 从数据库中检索username和检索,并在您的 PHP 代码中进行比较:例如,这将允许您存储'd 密码。passwordusernamesha1
于 2013-07-30T07:10:43.023 回答
0

把它放在下面的顶部session_start()...

   if(!empty($_SESSION['member_username'])){header("location: login_success.php");}

像这样...

session_start();

 if(!empty($_SESSION['member_username'])){
 header("location: login_success.php");}

 $host="localhost"; // Host name 
 $db_username="root"; // Mysql username 
 $db_password=""; // Mysql password 
 //REST OF CODE
于 2013-07-30T07:11:49.710 回答
0

启动代码session_start()并检查是否在任何用户尝试访问该页面时设置了会话,如果设置了会话,则重定向到该页面,否则重定向到登录页面

您可以使用 isset() 检查

于 2013-07-30T07:13:09.860 回答
0

按照此代码... 

 <?php session_start();
    include('conn.php');
    $Name = $_POST['login_id'];
    $Pass = $_POST['password'];
    $select="select * from admin_login where admin_name='$Name' AND admin_pwd='$Pass'";
    $query=mysql_query($select) or die($select);
    $rows=mysql_fetch_array($query);
    $row=mysql_num_rows($query);


    if($row != 0)
    {
        $_SESSION['admin_name']=$rows['admin_name'];
        echo "<script>window.location.href='index.php'</script>";

    }else
    {
        $message = 'Invalid Username Or Password';
         echo '<script type="text/javascript">alert("'.$message.'")</script>'; 
        echo "<script>window.location.href='login.php'</script>";

    }
    ?>

将此代码放在每一页的顶部

<?php session_start();
if(isset($_SESSION["admin_name"])=='') print('<script>window.location.href="login.php"</script>');
于 2013-07-30T07:14:32.623 回答